Office 365 Admin – Permanently Remove Deleted User(s)

If you manage an Office 365 account, you may have noticed that when you delete a user from the Office 365 admin center, the account is moved to the recycle bin for 30 days so that it can be recovered easily if it was deleted accidentally. But what if you actually want to permanently delete the user from the recycle bin as well? The admin center GUI has no option to remove users from the recycle bin. Fortunately, you can do it via Windows PowerShell.

In this article, I will show you how to create a new user and then how to remove the user from Office 365 recycle bin.

For this you need to install the Azure Active Directory module for PowerShell on your computer. This is fairly simple and can be done via Install-Module MSOnline.

Installing Azure Active Directory Module for PowerShell

Open an elevated PowerShell console session and type the command as shown below:

PS D:\MyScripts> Install-Module MSOnline
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from 'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend
Y
PS D:\MyScripts>

When you run this command, you will see an Untrusted repository warning. Type Y and press Enter, then wait for the module to be installed.

Connecting to Azure Active Directory

First, connect to your Azure Active Directory by running Connect-MsolService. I will use the Get-Credential cmdlet to store the credentials securely in a variable and then use these credentials to connect to Azure Active Directory.

PS D:\MyScripts> $UserCredential = Get-Credential

Now I can use the Connect-MsolService command with the -Credential parameter to connect as shown below.

PS D:\MyScripts> Connect-MsolService -Credential $UserCredential

Creating New User in Azure Active Directory

To create a new user, use the New-MsolUser cmdlet as shown below:

PS D:\MyScripts> New-MsolUser -UserPrincipalName [email protected] -DisplayName "Rahul Sharma" -FirstName "Rahul" -LastName "Sharma"

The New-MsolUser cmdlet has two required parameters (-UserPrincipalName and -DisplayName) that you have to specify. You can also use the -Password parameter to specify a custom password. If you omit the -Password parameter, a random password will be chosen.

To list all the users, use the Get-MsolUser cmdlet as shown below.

PS D:\MyScripts> Get-MsolUser

UserPrincipalName DisplayName isLicensed
----------------- ----------- ----------
[email protected] Rajesh Kumar False
[email protected] Ravi Kumar False
[email protected] Ajay Kumar False
[email protected] Surender Kumar True
[email protected] Rahul Sharma False

PS D:\MyScripts>

Deleting Users From Azure Active Directory

After connecting to Azure Active Directory, use the Remove-MsolUser cmdlet to delete a user.

PS D:\MyScripts> Remove-MsolUser -UserPrincipalName [email protected] -Force

The above command moves the user to the recycle bin, where it will remain for 30 days.

To list deleted users, use the Get-MsolUser cmdlet with the -ReturnDeletedUsers parameter.

PS D:\MyScripts> Get-MsolUser -ReturnDeletedUsers

UserPrincipalName DisplayName isLicensed
----------------- ----------- ----------
[email protected] Rahul Sharma False
[email protected] Rajesh Kumar False
[email protected] Ravi Kumar False
[email protected] Ajay Kumar False

To permanently delete the user (removing it from the recycle bin), use the Remove-MsolUser cmdlet with the -RemoveFromRecycleBin parameter as shown below.

PS D:\MyScripts> Remove-MsolUser -UserPrincipalName [email protected] -RemoveFromRecycleBin -Force

Now if you look at the list of deleted users once again, you will no longer find the user with UPN [email protected] in it.

PS D:\MyScripts> Get-MsolUser -ReturnDeletedUsers

UserPrincipalName DisplayName isLicensed
----------------- ----------- ----------
[email protected] Rajesh Kumar False
[email protected] Ravi Kumar False
[email protected] Ajay Kumar False

Removing All Users From Recycle Bin

To remove all the deleted users from the recycle bin, you can pipe the Get-MsolUser result to the Remove-MsolUser cmdlet and add the -Force switch to avoid being prompted for each user.

Caution: Be very careful when running the following command. You could accidentally delete all users from your Azure Active Directory.

PS D:\MyScripts> Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

Now if you look at the list of deleted users once again, you will find nothing in there.

PS D:\MyScripts> Get-MsolUser -ReturnDeletedUsers
PS D:\MyScripts>
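Because the bulk purge above cannot be undone, a guarded version is worth having. The following is an added example, not code from the original article: the function name Clear-DeletedMsolUser and its parameters are hypothetical, and it assumes that the objects returned by Get-MsolUser expose ObjectId and SoftDeletionTimestamp (treated as UTC) and that Get-MsolUser accepts -All.

```powershell
# Added example: hypothetical helper, not part of the MSOnline module.
# Assumes Connect-MsolService has already been run in this session.
function Clear-DeletedMsolUser {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Only purge accounts that were deleted at least this many days ago.
        [int]$MinDaysDeleted = 7,
        # Optional allow-list of UPNs; when given, nothing else is purged.
        [string[]]$UserPrincipalName,
        # File that records what is about to become unrecoverable.
        [string]$AuditPath = ".\purged-users-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
    )

    # Assumption: SoftDeletionTimestamp is reported in UTC.
    $cutoff = [DateTime]::UtcNow.AddDays(-$MinDaysDeleted)

    # -ReturnDeletedUsers restricts the query to the recycle bin; without it
    # Get-MsolUser returns the active accounts instead.
    $candidates = Get-MsolUser -ReturnDeletedUsers -All |
        Where-Object { $_.SoftDeletionTimestamp -and $_.SoftDeletionTimestamp -le $cutoff }

    if ($UserPrincipalName) {
        # -contains is case-insensitive, which matches how UPNs are compared.
        $candidates = $candidates |
            Where-Object { $UserPrincipalName -contains $_.UserPrincipalName }
    }

    if (-not $candidates) {
        Write-Verbose 'No deleted users match the filter.'
        return
    }

    # Write the audit record before anything is purged.
    $candidates |
        Select-Object ObjectId, UserPrincipalName, DisplayName, SoftDeletionTimestamp |
        Export-Csv -Path $AuditPath -NoTypeInformation

    foreach ($user in $candidates) {
        # ShouldProcess honours -WhatIf and -Confirm passed to this function.
        if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Permanently delete from recycle bin')) {
            Remove-MsolUser -ObjectId $user.ObjectId -RemoveFromRecycleBin -Force
        }
    }
}

# Dry run first: lists what would be purged; nothing is written or deleted.
Clear-DeletedMsolUser -MinDaysDeleted 7 -WhatIf
```

Without -WhatIf the function prompts for each account because of ConfirmImpact = 'High'; pass -Confirm:$false only after reviewing the dry-run output.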

This is just a small sample of the tasks you can perform in Office 365 via PowerShell; there is a whole lot more you can do. The Azure Active Directory module for PowerShell offers the following cmdlets for working with Office 365:

PS D:\MyScripts> Get-Command -Module MSOnline | Select Name

Name
----
Add-MsolAdministrativeUnitMember
Add-MsolForeignGroupToRole
Add-MsolGroupMember
Add-MsolRoleMember
Add-MsolScopedRoleMember
Confirm-MsolDomain
Confirm-MsolEmailVerifiedDomain
Connect-MsolService
Convert-MsolDomainToFederated
Convert-MsolDomainToStandard
Convert-MsolFederatedUser
Disable-MsolDevice
Enable-MsolDevice
Get-MsolAccountSku
Get-MsolAdministrativeUnit
Get-MsolAdministrativeUnitMember
Get-MsolCompanyAllowedDataLocation
Get-MsolCompanyInformation
Get-MsolContact
Get-MsolDevice
Get-MsolDeviceRegistrationServicePolicy
Get-MsolDirSyncConfiguration
Get-MsolDirSyncFeatures
Get-MsolDirSyncProvisioningError
Get-MsolDomain
Get-MsolDomainFederationSettings
Get-MsolDomainVerificationDns
Get-MsolFederationProperty
Get-MsolGroup
Get-MsolGroupMember
Get-MsolHasObjectsWithDirSyncProvisioningE
Get-MsolPartnerContract
Get-MsolPartnerInformation
Get-MsolPasswordPolicy
Get-MsolRole
Get-MsolRoleMember
Get-MsolScopedRoleMember
Get-MsolServicePrincipal
Get-MsolServicePrincipalCredential
Get-MsolSubscription
Get-MsolUser
Get-MsolUserByStrongAuthentication
Get-MsolUserRole
New-MsolAdministrativeUnit
New-MsolDomain
New-MsolFederatedDomain
New-MsolGroup
New-MsolLicenseOptions
New-MsolServicePrincipal
New-MsolServicePrincipalAddresses
New-MsolServicePrincipalCredential
New-MsolUser
New-MsolWellKnownGroup
Redo-MsolProvisionContact
Redo-MsolProvisionGroup
Redo-MsolProvisionUser
Remove-MsolAdministrativeUnit
Remove-MsolAdministrativeUnitMember
Remove-MsolApplicationPassword
Remove-MsolContact
Remove-MsolDevice
Remove-MsolDomain
Remove-MsolFederatedDomain
Remove-MsolForeignGroupFromRole
Remove-MsolGroup
Remove-MsolGroupMember
Remove-MsolRoleMember
Remove-MsolScopedRoleMember
Remove-MsolServicePrincipal
Remove-MsolServicePrincipalCredential
Remove-MsolUser
Reset-MsolStrongAuthenticationMethodByUpn
Restore-MsolUser
Set-MsolADFSContext
Set-MsolAdministrativeUnit
Set-MsolCompanyAllowedDataLocation
Set-MsolCompanyContactInformation
Set-MsolCompanyMultiNationalEnabled
Set-MsolCompanySecurityComplianceContactIn
Set-MsolCompanySettings
Set-MsolDeviceRegistrationServicePolicy
Set-MsolDirSyncConfiguration
Set-MsolDirSyncEnabled
Set-MsolDirSyncFeature
Set-MsolDomain
Set-MsolDomainAuthentication
Set-MsolDomainFederationSettings
Set-MsolGroup
Set-MsolPartnerInformation
Set-MsolPasswordPolicy
Set-MsolServicePrincipal
Set-MsolUser
Set-MsolUserLicense
Set-MsolUserPassword
Set-MsolUserPrincipalName
Update-MsolFederatedDomain

